CLAIMS

What is claimed is: 

1. A method for enhanced privacy protection in identification in a data communications
network, the method comprising:

enrolling for a service on said data communications network;
receiving a randomized identifier (ID) in response to said enrolling;
storing said randomized ID; and 

using said randomized ID to obtain services on said data communications network. 



2. A program storage device readable by a machine, embodying a program of
instructions executable by the machine to perform a method for enhanced privacy 
protection in identification in a data communications network, the method 
comprising: 

enrolling for a service on said data communications network;
receiving a randomized identifier (ID) in response to said enrolling; 
storing said randomized ID; and 

using said randomized ID to obtain services on said data communications network. 

3. An apparatus for enhanced privacy protection in identification in a data 
communications network, the apparatus comprising: 

means for enrolling for a service on said data communications network; 
means for receiving a randomized identifier (ID) in response to said enrolling; 
means for storing said randomized ID; and

means for using said randomized ID to obtain services on said data communications 
network. 

4. An apparatus for enhanced privacy protection in identification in a data 
communications network, the apparatus comprising: 

a smart card configured to store a randomized ID obtained in response to enrolling 
for a service on said data communications network, said smart card further
configured to release said randomized ID to obtain services on said data 
communications network. 



5. A memory for storing data for access by an application program being executed on a 
data processing system, comprising: 

a data structure stored in said memory, said data structure including: 
credential data; and 

an authority peer group ID that identifies an entity that provided data 

authentication for said credential, said entity comprising a one or more 
network servers in a data communications network, one of said one or more 
network servers providing data authentication for said credential; 

a cryptogram provided by said entity and used to authenticate said credential data. 
6. A method for obtaining a service on a data communications network, the method
comprising: 

presenting an authority on said data communications network with user data and a 

credential request; and 
receiving a credential in response to said credential request, said credential 
comprising: 
a randomized identifier; 
credential user data; and 

an indication of the credential user data verification performed by said authority 
in response to said credential request. 



7. A method for obtaining a service on a data communications network, the method
comprising:

presenting an authority on said data communications network with a logon request;
receiving a kerberos ticket in response to said user authentication data, said ticket
comprising a randomized user ID; and

using said kerberos ticket to obtain services from one or more service provider on 
said data communications network. 

8. A program storage device readable by a machine, embodying a program of 

instructions executable by the machine to perform a method for obtaining a service on 
a data communications network, the method comprising:

presenting an authority on said data communications network with a logon request;
receiving a kerberos ticket in response to said user authentication data, said ticket

comprising a randomized user ID; and 
using said kerberos ticket to obtain services from one or more service provider on 

said data communications network. 



9. An apparatus for obtaining a service on a data communications network, the 
apparatus comprising: 

means for presenting an authority on said data communications network with a logon 
request; 

means for receiving a kerberos ticket in response to said user authentication data, 

said ticket comprising a randomized user ID; and

means for using said kerberos ticket to obtain services from one or more service
provider on said data communications network.

10. An apparatus for obtaining a service on a data communications network, the
apparatus comprising:

an enrollment authority configured to accept an enrollment request, said enrollment 
authority further configured to return enrollment results in response to said 
enrollment request, said enrollment results comprising user data, said enrollment 
results for use in obtaining a service from a service provider. 
11. An apparatus for obtaining a service on a data communications network, the
apparatus comprising: 

a service provider configured to accept a service request and enrollment results 
obtained from an enrollment authority, said service provider capable of 
communicating with said authority to verify said enrollment results, said service
provider configured to provide said service based upon said enrollment results 
and a response from said enrollment authority. 


